Artifact Information

When there is a security incident, Artifact is collected from EDR agents to analyze the traces left by applications or the operating system.

From Artifact Information, you can:

• Check Artifact information

Note

V3's ASD engine collects Artifact information.

Artifact Information

Artifact information is the traces left by applications or the operating system - log, history, timeline and registry information. It is collected from EDR agents (not from individual agents, but from the agent group), and the maximum Artifact file size is 500KB. V3's ASD engine looks for and collects the following Artifact data:

• Reputation: Information in Process/File Information and Network Information.
• File: Information in Process/File Information on single files.
• Network: Information in Network Information.
• Behavior: Information in Behavior Information.
• Statistics: Search for file or network status for a specific period, and check the number of malware, unknown files and files that meet the engine conditions.
• Blocked/Allowed Statistics: The statistics on files allowed and blocked by the user for a specific period.

Collected Log Data

V3's ASD engine receives the following log data:

Process/File Information

• File path
• Malicious file reputation information
• Downloaded URL path or process execution information
• Number of users or number of blocked/allowed process and file
• User reputation point (-100 to 100)
• Information that meet the engine conditions

Network Information

• Network type or URL information
• Program path or protocol type
• Network connection time
• Number of blocked/allowed networks
• User reputation point (-100 to 100)
• Information that meet the engine conditions

Behavior Information

• The behavior time and date, and suspicious file and process information
• Registry key name, value name and value data
• Path of file with changed file name or suspicious behavior
• Process path
• Suspicious network's URL, IP address and protocol type